Consumers and financial institutions today rely heavily on various financial instruments to complete day-to-day transactions, be they complex or simple in nature—from investing in corporations by purchasing stocks, to purchasing merchandise at a retail store using a credit card. The financial transactions that are completed daily range in the trillions of dollars, but often exceed this amount. Accordingly, new systems and devices have been introduced into the marketplace aimed at making these transactions easier to complete. For example, banking customers may now log into their bank's online Website to complete various types of transactions. Further still, recently developed smartphones and tablets allow these same customers to pay their bills, make transfers and complete any number of financial transactions at many locations previously unconceivable.
While the accessibility of one's account and the ability to complete various forms of transactions have been improved with recent developments, the methods for authorizing access and authorizing transactions utilized today remain rudimentary at best. Current solutions fail to provide complete security at each and every point in a transaction—from transaction request to completion—including at the server environment, at the client environment, and along the connection path between the parties. The current solutions further fail to provide adequate security through a dynamic authentication method, through restrictions in usage where desired and necessary, and through transaction/audit recording.
Indeed, financial institutions and businesses still rely heavily on the use of a username and password to verify authorization for access to customer accounts and to complete transactions, despite the advances in technology in almost every other facet of financial transactions. Customers must still log in by entering some combination of a password and/or PIN. Text-based passwords, however, can be easily stolen or deduced by hackers and other unauthorized users. After all, many customers use common or basic passwords, such as some combination of birthdays, maiden names or lucky numbers. While lengthy PINs or multi-character and digit passwords may be utilized, or even required by some businesses, customers often simply add a digit or character to their basic password or simply repeat the characters of their simple passwords, rendering the additional requirements ineffective. In addition, requiring a user to enter a username and password to gain access or provide authorization is inefficient for the user, increases the likelihood of errors, and otherwise frustrates and impedes the user experience. While many companies have developed alternative solutions to text-based authorization, many of these solutions are also flawed and fail to make up for the deficiencies of the text-based authorization methods. For one, while many solutions increase security in certain areas, they still rely on manual text entry as a means to prove authorization. For example, security methods developed by RSA require users not only to enter their username and their password, but also a dynamically generated 6-digit pin. As with simple username/password methods common in the industry, these solutions are slow and error-prone. In addition, security is not increased at the server environment or at the connection line between the parties. Furthermore, these methods require the involvement of Information Technology (IT) personnel and training of both IT members as well as customers with whom the IT members serve. Additionally, such solutions are costly and are not ordinarily affordable for average consumers.
Other developed solutions, further, fail to take advantage of those devices and systems already adopted by the consumers at large, and instead, require new devices and systems to be purchased by consumers and businesses alike. For example, to take advantage of wireless mobile payments, such as Google Wallet, consumers must purchase new smartphones with Near Field Communications (NFC) wireless technology. Likewise, businesses must make available devices capable of communicating via NFC with these mobile devices to complete transactions. Hesitant of yet another new technology and the need to purchase yet another new device, adoption of such solutions is slow and often unsuccessful. Businesses, for example, have not seen sufficient consumer interests in the use of NFC and, therefore, have not purchased NFC receivers for their retail locations. Likewise, consumers have recognized that even if they purchase the new smartphone they may not be able to utilize it at many locations. With both parties in the potential transaction hesitant to adopt the new technology, the uses of such technologies have been limited and the tipping point for mass-market adoption has yet to be reached. Similar market stagnation has been realized for similar authorization methods such as those involving the use of fingerprints, retinas, voices, or digital certificates for authorization. The effect of the flaws and deficiencies of these recently developed technologies are evident in the market as consumers today still remain reliant on the rudimentary username/password methods to provide access and transaction authorization. There is yet to be a transaction authorization solution in the marketplace that is secure, easy to use, and require minimal costs to implement and use.
Therefore, an improved solution for facilitating and authorizing electronic transactions that overcomes the flaws and deficiencies of currently available methods is needed.